package org.xbill.DNS;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;

public class DNSSEC
{
  private static final int ASN1_INT = 2;
  private static final int ASN1_SEQ = 48;
  private static final int DSA_LEN = 20;

  private static int BigIntegerLength(BigInteger paramBigInteger)
  {
    return ((7 + paramBigInteger.bitLength()) / 8);
  }

  private static byte[] DSASignaturefromDNS(byte[] paramArrayOfByte)
    throws DNSSEC.DNSSECException, IOException
  {
    if (paramArrayOfByte.length != 41)
      throw new SignatureVerificationException();
    DNSInput localDNSInput = new DNSInput(paramArrayOfByte);
    DNSOutput localDNSOutput = new DNSOutput();
    localDNSInput.readU8();
    byte[] arrayOfByte1 = localDNSInput.readByteArray(20);
    int i = 20;
    if (arrayOfByte1[0] < 0)
      ++i;
    byte[] arrayOfByte2 = localDNSInput.readByteArray(20);
    int j = 20;
    if (arrayOfByte2[0] < 0)
      ++j;
    localDNSOutput.writeU8(48);
    localDNSOutput.writeU8(4 + i + j);
    localDNSOutput.writeU8(2);
    localDNSOutput.writeU8(i);
    if (i > 20)
      localDNSOutput.writeU8(0);
    localDNSOutput.writeByteArray(arrayOfByte1);
    localDNSOutput.writeU8(2);
    localDNSOutput.writeU8(j);
    if (j > 20)
      localDNSOutput.writeU8(0);
    localDNSOutput.writeByteArray(arrayOfByte2);
    return localDNSOutput.toByteArray();
  }

  private static byte[] DSASignaturetoDNS(byte[] paramArrayOfByte, int paramInt)
    throws IOException
  {
    DNSInput localDNSInput = new DNSInput(paramArrayOfByte);
    DNSOutput localDNSOutput = new DNSOutput();
    localDNSOutput.writeU8(paramInt);
    if (localDNSInput.readU8() != 48)
      throw new IOException();
    localDNSInput.readU8();
    if (localDNSInput.readU8() != 2)
      throw new IOException();
    int i = localDNSInput.readU8();
    if (i == 21)
    {
      if (localDNSInput.readU8() == 0)
        break label103;
      throw new IOException();
    }
    if (i != 20)
      throw new IOException();
    label103: localDNSOutput.writeByteArray(localDNSInput.readByteArray(20));
    if (localDNSInput.readU8() != 2)
      throw new IOException();
    int j = localDNSInput.readU8();
    if (j == 21)
    {
      if (localDNSInput.readU8() == 0)
        break label172;
      throw new IOException();
    }
    if (j != 20)
      throw new IOException();
    label172: localDNSOutput.writeByteArray(localDNSInput.readByteArray(20));
    return localDNSOutput.toByteArray();
  }

  private static String algString(int paramInt)
    throws DNSSEC.UnsupportedAlgorithmException
  {
    String str;
    switch (paramInt)
    {
    case 2:
    case 4:
    case 9:
    default:
      throw new DNSSEC.UnsupportedAlgorithmException(paramInt);
    case 1:
      str = "MD5withRSA";
    case 3:
    case 6:
    case 5:
    case 7:
    case 8:
    case 10:
    }
    while (true)
    {
      while (true)
      {
        while (true)
        {
          while (true)
          {
            return str;
            str = "SHA1withDSA";
          }
          str = "SHA1withRSA";
        }
        str = "SHA256withRSA";
      }
      str = "SHA512withRSA";
    }
  }

  static void checkAlgorithm(PrivateKey paramPrivateKey, int paramInt)
    throws DNSSEC.UnsupportedAlgorithmException
  {
    switch (paramInt)
    {
    case 2:
    case 4:
    case 9:
    default:
      throw new DNSSEC.UnsupportedAlgorithmException(paramInt);
    case 1:
    case 5:
    case 7:
    case 8:
    case 10:
      if (paramPrivateKey instanceof RSAPrivateKey)
        return;
      throw new IncompatibleKeyException();
    case 3:
    case 6:
    }
    if (!(paramPrivateKey instanceof DSAPrivateKey))
      throw new IncompatibleKeyException();
  }

  public static byte[] digestMessage(SIGRecord paramSIGRecord, Message paramMessage, byte[] paramArrayOfByte)
  {
    DNSOutput localDNSOutput = new DNSOutput();
    digestSIG(localDNSOutput, paramSIGRecord);
    if (paramArrayOfByte != null)
      localDNSOutput.writeByteArray(paramArrayOfByte);
    paramMessage.toWire(localDNSOutput);
    return localDNSOutput.toByteArray();
  }

  public static byte[] digestRRset(RRSIGRecord paramRRSIGRecord, RRset paramRRset)
  {
    DNSOutput localDNSOutput2;
    int k;
    DNSOutput localDNSOutput1 = new DNSOutput();
    digestSIG(localDNSOutput1, paramRRSIGRecord);
    int i = paramRRset.size();
    Record[] arrayOfRecord = new Record[i];
    Iterator localIterator = paramRRset.rrs();
    Name localName1 = paramRRset.getName();
    Name localName2 = null;
    int j = 1 + paramRRSIGRecord.getLabels();
    if (localName1.labels() > j)
      localName2 = localName1.wild(localName1.labels() - j);
    if (!(localIterator.hasNext()))
    {
      Arrays.sort(arrayOfRecord);
      localDNSOutput2 = new DNSOutput();
      if (localName2 == null)
        break label171;
      localName2.toWireCanonical(localDNSOutput2);
      localDNSOutput2.writeU16(paramRRset.getType());
      localDNSOutput2.writeU16(paramRRset.getDClass());
      localDNSOutput2.writeU32(paramRRSIGRecord.getOrigTTL());
      k = 0;
    }
    while (true)
    {
      while (true)
      {
        while (true)
        {
          if (k < arrayOfRecord.length)
            break label181;
          return localDNSOutput1.toByteArray();
          arrayOfRecord[(--i)] = ((Record)localIterator.next());
        }
        label171: localName1.toWireCanonical(localDNSOutput2);
      }
      label181: localDNSOutput1.writeByteArray(localDNSOutput2.toByteArray());
      int l = localDNSOutput1.current();
      localDNSOutput1.writeU16(0);
      localDNSOutput1.writeByteArray(arrayOfRecord[k].rdataToWireCanonical());
      int i1 = localDNSOutput1.current() - l - 2;
      localDNSOutput1.save();
      localDNSOutput1.jump(l);
      localDNSOutput1.writeU16(i1);
      localDNSOutput1.restore();
      ++k;
    }
  }

  private static void digestSIG(DNSOutput paramDNSOutput, SIGBase paramSIGBase)
  {
    paramDNSOutput.writeU16(paramSIGBase.getTypeCovered());
    paramDNSOutput.writeU8(paramSIGBase.getAlgorithm());
    paramDNSOutput.writeU8(paramSIGBase.getLabels());
    paramDNSOutput.writeU32(paramSIGBase.getOrigTTL());
    paramDNSOutput.writeU32(paramSIGBase.getExpire().getTime() / 1000L);
    paramDNSOutput.writeU32(paramSIGBase.getTimeSigned().getTime() / 1000L);
    paramDNSOutput.writeU16(paramSIGBase.getFootprint());
    paramSIGBase.getSigner().toWireCanonical(paramDNSOutput);
  }

  private static byte[] fromDSAPublicKey(DSAPublicKey paramDSAPublicKey)
  {
    DNSOutput localDNSOutput = new DNSOutput();
    BigInteger localBigInteger1 = paramDSAPublicKey.getParams().getQ();
    BigInteger localBigInteger2 = paramDSAPublicKey.getParams().getP();
    BigInteger localBigInteger3 = paramDSAPublicKey.getParams().getG();
    BigInteger localBigInteger4 = paramDSAPublicKey.getY();
    localDNSOutput.writeU8((localBigInteger2.toByteArray().length - 64) / 8);
    writeBigInteger(localDNSOutput, localBigInteger1);
    writeBigInteger(localDNSOutput, localBigInteger2);
    writeBigInteger(localDNSOutput, localBigInteger3);
    writeBigInteger(localDNSOutput, localBigInteger4);
    return localDNSOutput.toByteArray();
  }

  static byte[] fromPublicKey(PublicKey paramPublicKey, int paramInt)
    throws DNSSEC.DNSSECException
  {
    byte[] arrayOfByte;
    ((byte[])null);
    switch (paramInt)
    {
    case 2:
    case 4:
    case 9:
    default:
      throw new DNSSEC.UnsupportedAlgorithmException(paramInt);
    case 1:
    case 5:
    case 7:
    case 8:
    case 10:
      if (!(paramPublicKey instanceof RSAPublicKey))
        throw new IncompatibleKeyException();
      arrayOfByte = fromRSAPublicKey((RSAPublicKey)paramPublicKey);
    case 3:
    case 6:
    }
    while (true)
    {
      return arrayOfByte;
      if (!(paramPublicKey instanceof DSAPublicKey))
        throw new IncompatibleKeyException();
      arrayOfByte = fromDSAPublicKey((DSAPublicKey)paramPublicKey);
    }
  }

  private static byte[] fromRSAPublicKey(RSAPublicKey paramRSAPublicKey)
  {
    DNSOutput localDNSOutput = new DNSOutput();
    BigInteger localBigInteger1 = paramRSAPublicKey.getPublicExponent();
    BigInteger localBigInteger2 = paramRSAPublicKey.getModulus();
    int i = BigIntegerLength(localBigInteger1);
    if (i < 256)
      localDNSOutput.writeU8(i);
    while (true)
    {
      writeBigInteger(localDNSOutput, localBigInteger1);
      writeBigInteger(localDNSOutput, localBigInteger2);
      return localDNSOutput.toByteArray();
      localDNSOutput.writeU8(0);
      localDNSOutput.writeU16(i);
    }
  }

  // ERROR //
  static byte[] generateDS(DNSKEYRecord paramDNSKEYRecord, int paramInt)
  {
    // Byte code:
    //   0: new 62	org/xbill/DNS/DNSOutput
    //   3: dup
    //   4: invokespecial 63	org/xbill/DNS/DNSOutput:<init>	()V
    //   7: astore_2
    //   8: aload_2
    //   9: aload_0
    //   10: invokevirtual 284	org/xbill/DNS/DNSKEYRecord:getFootprint	()I
    //   13: invokevirtual 169	org/xbill/DNS/DNSOutput:writeU16	(I)V
    //   16: aload_2
    //   17: aload_0
    //   18: invokevirtual 285	org/xbill/DNS/DNSKEYRecord:getAlgorithm	()I
    //   21: invokevirtual 74	org/xbill/DNS/DNSOutput:writeU8	(I)V
    //   24: aload_2
    //   25: iload_1
    //   26: invokevirtual 74	org/xbill/DNS/DNSOutput:writeU8	(I)V
    //   29: iload_1
    //   30: tableswitch	default:+22 -> 52, 1:+60->90, 2:+107->137
    //   53: aconst_null
    //   54: lload_1
    //   55: dup
    //   56: new 289	java/lang/StringBuilder
    //   59: dup
    //   60: ldc_w 291
    //   63: invokespecial 294	java/lang/StringBuilder:<init>	(Ljava/lang/String;)V
    //   66: iload_1
    //   67: invokevirtual 298	java/lang/StringBuilder:append	(I)Ljava/lang/StringBuilder;
    //   70: invokevirtual 302	java/lang/StringBuilder:toString	()Ljava/lang/String;
    //   73: invokespecial 303	java/lang/IllegalArgumentException:<init>	(Ljava/lang/String;)V
    //   76: athrow
    //   77: astore 5
    //   79: new 305	java/lang/IllegalStateException
    //   82: dup
    //   83: ldc_w 307
    //   86: invokespecial 308	java/lang/IllegalStateException:<init>	(Ljava/lang/String;)V
    //   89: athrow
    //   90: ldc_w 310
    //   93: invokestatic 316	java/security/MessageDigest:getInstance	(Ljava/lang/String;)Ljava/security/MessageDigest;
    //   96: astore 6
    //   98: aload 6
    //   100: astore 4
    //   102: aload 4
    //   104: aload_0
    //   105: invokevirtual 317	org/xbill/DNS/DNSKEYRecord:getName	()Lorg/xbill/DNS/Name;
    //   108: invokevirtual 319	org/xbill/DNS/Name:toWire	()[B
    //   111: invokevirtual 322	java/security/MessageDigest:update	([B)V
    //   114: aload 4
    //   116: aload_0
    //   117: invokevirtual 323	org/xbill/DNS/DNSKEYRecord:rdataToWireCanonical	()[B
    //   120: invokevirtual 322	java/security/MessageDigest:update	([B)V
    //   123: aload_2
    //   124: aload 4
    //   126: invokevirtual 326	java/security/MessageDigest:digest	()[B
    //   129: invokevirtual 77	org/xbill/DNS/DNSOutput:writeByteArray	([B)V
    //   132: aload_2
    //   133: invokevirtual 81	org/xbill/DNS/DNSOutput:toByteArray	()[B
    //   136: areturn
    //   137: ldc_w 328
    //   140: invokestatic 316	java/security/MessageDigest:getInstance	(Ljava/lang/String;)Ljava/security/MessageDigest;
    //   143: astore_3
    //   144: aload_3
    //   145: astore 4
    //   147: goto -45 -> 102
    //
    // Exception table:
    //   from	to	target	type
    //   52	77	77	java/security/NoSuchAlgorithmException
    //   90	98	77	java/security/NoSuchAlgorithmException
    //   137	144	77	java/security/NoSuchAlgorithmException
  }

  private static boolean matches(SIGBase paramSIGBase, KEYBase paramKEYBase)
  {
    int i;
    if ((paramKEYBase.getAlgorithm() == paramSIGBase.getAlgorithm()) && (paramKEYBase.getFootprint() == paramSIGBase.getFootprint()) && (paramKEYBase.getName().equals(paramSIGBase.getSigner())))
      i = 1;
    while (true)
    {
      return i;
      i = 0;
    }
  }

  private static BigInteger readBigInteger(DNSInput paramDNSInput)
  {
    return new BigInteger(1, paramDNSInput.readByteArray());
  }

  private static BigInteger readBigInteger(DNSInput paramDNSInput, int paramInt)
    throws IOException
  {
    return new BigInteger(1, paramDNSInput.readByteArray(paramInt));
  }

  public static RRSIGRecord sign(RRset paramRRset, DNSKEYRecord paramDNSKEYRecord, PrivateKey paramPrivateKey, Date paramDate1, Date paramDate2)
    throws DNSSEC.DNSSECException
  {
    int i = paramDNSKEYRecord.getAlgorithm();
    checkAlgorithm(paramPrivateKey, i);
    RRSIGRecord localRRSIGRecord = new RRSIGRecord(paramRRset.getName(), paramRRset.getDClass(), paramRRset.getTTL(), paramRRset.getType(), i, paramRRset.getTTL(), paramDate2, paramDate1, paramDNSKEYRecord.getFootprint(), paramDNSKEYRecord.getName(), null);
    localRRSIGRecord.setSignature(sign(paramPrivateKey, paramDNSKEYRecord.getPublicKey(), i, digestRRset(localRRSIGRecord, paramRRset)));
    return localRRSIGRecord;
  }

  // ERROR //
  private static byte[] sign(PrivateKey paramPrivateKey, PublicKey paramPublicKey, int paramInt, byte[] paramArrayOfByte)
    throws DNSSEC.DNSSECException
  {
    // Byte code:
    //   0: iload_2
    //   1: invokestatic 373	org/xbill/DNS/DNSSEC:algString	(I)Ljava/lang/String;
    //   4: invokestatic 378	java/security/Signature:getInstance	(Ljava/lang/String;)Ljava/security/Signature;
    //   7: astore 5
    //   9: aload 5
    //   11: aload_0
    //   12: invokevirtual 382	java/security/Signature:initSign	(Ljava/security/PrivateKey;)V
    //   15: aload 5
    //   17: aload_3
    //   18: invokevirtual 383	java/security/Signature:update	([B)V
    //   21: aload 5
    //   23: invokevirtual 385	java/security/Signature:sign	()[B
    //   26: astore 6
    //   28: aload 6
    //   30: astore 7
    //   32: aload_1
    //   33: instanceof 233
    //   36: ifeq +37 -> 73
    //   39: aload 7
    //   41: aload_1
    //   42: checkcast 233	java/security/interfaces/DSAPublicKey
    //   45: invokeinterface 237 1 0
    //   50: invokeinterface 246 1 0
    //   55: invokestatic 277	org/xbill/DNS/DNSSEC:BigIntegerLength	(Ljava/math/BigInteger;)I
    //   58: bipush 64
    //   60: isub
    //   61: bipush 8
    //   63: idiv
    //   64: invokestatic 387	org/xbill/DNS/DNSSEC:DSASignaturetoDNS	([BI)[B
    //   67: astore 9
    //   69: aload 9
    //   71: astore 7
    //   73: aload 7
    //   75: areturn
    //   76: astore 4
    //   78: new 9	DNSSEC$DNSSECException
    //   81: dup
    //   82: aload 4
    //   84: invokevirtual 388	java/security/GeneralSecurityException:toString	()Ljava/lang/String;
    //   87: invokespecial 389	DNSSEC$DNSSECException:<init>	(Ljava/lang/String;)V
    //   90: athrow
    //   91: astore 8
    //   93: new 305	java/lang/IllegalStateException
    //   96: dup
    //   97: invokespecial 390	java/lang/IllegalStateException:<init>	()V
    //   100: athrow
    //
    // Exception table:
    //   from	to	target	type
    //   0	28	76	java/security/GeneralSecurityException
    //   39	69	91	IOException
  }

  static SIGRecord signMessage(Message paramMessage, SIGRecord paramSIGRecord, KEYRecord paramKEYRecord, PrivateKey paramPrivateKey, Date paramDate1, Date paramDate2)
    throws DNSSEC.DNSSECException
  {
    int i = paramKEYRecord.getAlgorithm();
    checkAlgorithm(paramPrivateKey, i);
    SIGRecord localSIGRecord = new SIGRecord(Name.root, 255, 0L, 0, i, 0L, paramDate2, paramDate1, paramKEYRecord.getFootprint(), paramKEYRecord.getName(), null);
    DNSOutput localDNSOutput = new DNSOutput();
    digestSIG(localDNSOutput, localSIGRecord);
    if (paramSIGRecord != null)
      localDNSOutput.writeByteArray(paramSIGRecord.getSignature());
    paramMessage.toWire(localDNSOutput);
    localSIGRecord.setSignature(sign(paramPrivateKey, paramKEYRecord.getPublicKey(), i, localDNSOutput.toByteArray()));
    return localSIGRecord;
  }

  private static PublicKey toDSAPublicKey(KEYBase paramKEYBase)
    throws IOException, GeneralSecurityException, DNSSEC.MalformedKeyException
  {
    DNSInput localDNSInput = new DNSInput(paramKEYBase.getKey());
    int i = localDNSInput.readU8();
    if (i > 8)
      throw new DNSSEC.MalformedKeyException(paramKEYBase);
    BigInteger localBigInteger1 = readBigInteger(localDNSInput, 20);
    BigInteger localBigInteger2 = readBigInteger(localDNSInput, 64 + i * 8);
    BigInteger localBigInteger3 = readBigInteger(localDNSInput, 64 + i * 8);
    BigInteger localBigInteger4 = readBigInteger(localDNSInput, 64 + i * 8);
    return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(localBigInteger4, localBigInteger2, localBigInteger1, localBigInteger3));
  }

  // ERROR //
  static PublicKey toPublicKey(KEYBase paramKEYBase)
    throws DNSSEC.DNSSECException
  {
    // Byte code:
    //   0: aload_0
    //   1: invokevirtual 333	org/xbill/DNS/KEYBase:getAlgorithm	()I
    //   4: istore_1
    //   5: iload_1
    //   6: tableswitch	default:+54 -> 60, 1:+74->80, 2:+54->60, 3:+83->89, 4:+54->60, 5:+74->80, 6:+83->89, 7:+74->80, 8:+74->80, 9:+54->60, 10:+74->80
    //   61: nop
    //   62: lload_0
    //   63: dup
    //   64: iload_1
    //   65: invokespecial 88	DNSSEC$UnsupportedAlgorithmException:<init>	(I)V
    //   68: athrow
    //   69: astore 5
    //   71: new 18	DNSSEC$MalformedKeyException
    //   74: dup
    //   75: aload_0
    //   76: invokespecial 417	DNSSEC$MalformedKeyException:<init>	(Lorg/xbill/DNS/KEYBase;)V
    //   79: athrow
    //   80: aload_0
    //   81: invokestatic 439	org/xbill/DNS/DNSSEC:toRSAPublicKey	(Lorg/xbill/DNS/KEYBase;)Ljava/security/PublicKey;
    //   84: astore 4
    //   86: goto +27 -> 113
    //   89: aload_0
    //   90: invokestatic 441	org/xbill/DNS/DNSSEC:toDSAPublicKey	(Lorg/xbill/DNS/KEYBase;)Ljava/security/PublicKey;
    //   93: astore_3
    //   94: aload_3
    //   95: astore 4
    //   97: goto +16 -> 113
    //   100: astore_2
    //   101: new 9	DNSSEC$DNSSECException
    //   104: dup
    //   105: aload_2
    //   106: invokevirtual 388	GeneralSecurityException:toString	()Ljava/lang/String;
    //   109: invokespecial 389	DNSSEC$DNSSECException:<init>	(Ljava/lang/String;)V
    //   112: athrow
    //   113: aload 4
    //   115: areturn
    //
    // Exception table:
    //   from	to	target	type
    //   60	69	69	IOException
    //   80	94	69	IOException
    //   60	69	100	GeneralSecurityException
    //   80	94	100	GeneralSecurityException
  }

  private static PublicKey toRSAPublicKey(KEYBase paramKEYBase)
    throws IOException, GeneralSecurityException
  {
    DNSInput localDNSInput = new DNSInput(paramKEYBase.getKey());
    int i = localDNSInput.readU8();
    if (i == 0)
      i = localDNSInput.readU16();
    BigInteger localBigInteger1 = readBigInteger(localDNSInput, i);
    BigInteger localBigInteger2 = readBigInteger(localDNSInput);
    return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(localBigInteger2, localBigInteger1));
  }

  private static void verify(PublicKey paramPublicKey, int paramInt, byte[] paramArrayOfByte1, byte[] paramArrayOfByte2)
    throws DNSSEC.DNSSECException
  {
    if (paramPublicKey instanceof DSAPublicKey);
    try
    {
      byte[] arrayOfByte = DSASignaturefromDNS(paramArrayOfByte2);
      paramArrayOfByte2 = arrayOfByte;
      try
      {
        Signature localSignature = Signature.getInstance(algString(paramInt));
        localSignature.initVerify(paramPublicKey);
        localSignature.update(paramArrayOfByte1);
        if (localSignature.verify(paramArrayOfByte2))
          return;
        throw new SignatureVerificationException();
      }
      catch (GeneralSecurityException localGeneralSecurityException)
      {
        throw new DNSSEC.DNSSECException(localGeneralSecurityException.toString());
      }
    }
    catch (IOException localIOException)
    {
      throw new IllegalStateException();
    }
  }

  public static void verify(RRset paramRRset, RRSIGRecord paramRRSIGRecord, DNSKEYRecord paramDNSKEYRecord)
    throws DNSSEC.DNSSECException
  {
    if (!(matches(paramRRSIGRecord, paramDNSKEYRecord)))
      throw new KeyMismatchException(paramDNSKEYRecord, paramRRSIGRecord);
    Date localDate = new Date();
    if (localDate.compareTo(paramRRSIGRecord.getExpire()) > 0)
      throw new SignatureExpiredException(paramRRSIGRecord.getExpire(), localDate);
    if (localDate.compareTo(paramRRSIGRecord.getTimeSigned()) < 0)
      throw new SignatureNotYetValidException(paramRRSIGRecord.getTimeSigned(), localDate);
    verify(paramDNSKEYRecord.getPublicKey(), paramRRSIGRecord.getAlgorithm(), digestRRset(paramRRSIGRecord, paramRRset), paramRRSIGRecord.getSignature());
  }

  static void verifyMessage(Message paramMessage, byte[] paramArrayOfByte, SIGRecord paramSIGRecord1, SIGRecord paramSIGRecord2, KEYRecord paramKEYRecord)
    throws DNSSEC.DNSSECException
  {
    if (!(matches(paramSIGRecord1, paramKEYRecord)))
      throw new KeyMismatchException(paramKEYRecord, paramSIGRecord1);
    Date localDate = new Date();
    if (localDate.compareTo(paramSIGRecord1.getExpire()) > 0)
      throw new SignatureExpiredException(paramSIGRecord1.getExpire(), localDate);
    if (localDate.compareTo(paramSIGRecord1.getTimeSigned()) < 0)
      throw new SignatureNotYetValidException(paramSIGRecord1.getTimeSigned(), localDate);
    DNSOutput localDNSOutput = new DNSOutput();
    digestSIG(localDNSOutput, paramSIGRecord1);
    if (paramSIGRecord2 != null)
      localDNSOutput.writeByteArray(paramSIGRecord2.getSignature());
    Header localHeader = (Header)paramMessage.getHeader().clone();
    localHeader.decCount(3);
    localDNSOutput.writeByteArray(localHeader.toWire());
    localDNSOutput.writeByteArray(paramArrayOfByte, 12, paramMessage.sig0start - 12);
    verify(paramKEYRecord.getPublicKey(), paramSIGRecord1.getAlgorithm(), localDNSOutput.toByteArray(), paramSIGRecord1.getSignature());
  }

  private static void writeBigInteger(DNSOutput paramDNSOutput, BigInteger paramBigInteger)
  {
    byte[] arrayOfByte = paramBigInteger.toByteArray();
    if (arrayOfByte[0] == 0)
      paramDNSOutput.writeByteArray(arrayOfByte, 1, arrayOfByte.length - 1);
    while (true)
    {
      return;
      paramDNSOutput.writeByteArray(arrayOfByte);
    }
  }

  public static class Algorithm
  {
    public static final int DH = 2;
    public static final int DSA = 3;
    public static final int DSA_NSEC3_SHA1 = 6;
    public static final int ECC = 4;
    public static final int INDIRECT = 252;
    public static final int PRIVATEDNS = 253;
    public static final int PRIVATEOID = 254;
    public static final int RSAMD5 = 1;
    public static final int RSASHA1 = 5;
    public static final int RSASHA256 = 8;
    public static final int RSASHA512 = 10;
    public static final int RSA_NSEC3_SHA1 = 7;
    private static Mnemonic algs = new Mnemonic("DNSSEC algorithm", 2);

    static
    {
      algs.setMaximum(255);
      algs.setNumericAllowed(true);
      algs.add(1, "RSAMD5");
      algs.add(2, "DH");
      algs.add(3, "DSA");
      algs.add(4, "ECC");
      algs.add(5, "RSASHA1");
      algs.add(6, "DSA-NSEC3-SHA1");
      algs.add(7, "RSA-NSEC3-SHA1");
      algs.add(8, "RSASHA256");
      algs.add(10, "RSASHA512");
      algs.add(252, "INDIRECT");
      algs.add(253, "PRIVATEDNS");
      algs.add(254, "PRIVATEOID");
    }

    public static String string(int paramInt)
    {
      return algs.getText(paramInt);
    }

    public static int value(String paramString)
    {
      return algs.getValue(paramString);
    }
  }

  public static class DNSSECException extends Exception
  {
    DNSSECException(String paramString)
    {
      super(paramString);
    }
  }

  public static class IncompatibleKeyException extends IllegalArgumentException
  {
    IncompatibleKeyException()
    {
      super("incompatible keys");
    }
  }

  public static class KeyMismatchException extends DNSSEC.DNSSECException
  {
    private KEYBase key;
    private SIGBase sig;

    KeyMismatchException(KEYBase paramKEYBase, SIGBase paramSIGBase)
    {
      super("key " + paramKEYBase.getName() + "/" + DNSSEC.Algorithm.string(paramKEYBase.getAlgorithm()) + "/" + paramKEYBase.getFootprint() + " " + "does not match signature " + paramSIGBase.getSigner() + "/" + DNSSEC.Algorithm.string(paramSIGBase.getAlgorithm()) + "/" + paramSIGBase.getFootprint());
    }
  }

  public static class MalformedKeyException extends DNSSEC.DNSSECException
  {
    MalformedKeyException(KEYBase paramKEYBase)
    {
      super("Invalid key data: " + paramKEYBase.rdataToString());
    }
  }

  public static class SignatureExpiredException extends DNSSEC.DNSSECException
  {
    private Date now;
    private Date when;

    SignatureExpiredException(Date paramDate1, Date paramDate2)
    {
      super("signature expired");
      this.when = paramDate1;
      this.now = paramDate2;
    }

    public Date getExpiration()
    {
      return this.when;
    }

    public Date getVerifyTime()
    {
      return this.now;
    }
  }

  public static class SignatureNotYetValidException extends DNSSEC.DNSSECException
  {
    private Date now;
    private Date when;

    SignatureNotYetValidException(Date paramDate1, Date paramDate2)
    {
      super("signature is not yet valid");
      this.when = paramDate1;
      this.now = paramDate2;
    }

    public Date getExpiration()
    {
      return this.when;
    }

    public Date getVerifyTime()
    {
      return this.now;
    }
  }

  public static class SignatureVerificationException extends DNSSEC.DNSSECException
  {
    SignatureVerificationException()
    {
      super("signature verification failed");
    }
  }

  public static class UnsupportedAlgorithmException extends DNSSEC.DNSSECException
  {
    UnsupportedAlgorithmException(int paramInt)
    {
      super("Unsupported algorithm: " + paramInt);
    }
  }
}